Server Certificate Authentication

For SSL/TLS server authentication (the server needs to present
a certificate to the client), the following properties need to be
set in the Virtual Machine for the Java™ platform (JVM™)
running the SSL/TLS client:

-Djavax.net.ssl.trustStore

Defines the full path to the file containing the server's CA
certificate(s).

-Djavax.net.ssl.trustStoreType

Takes a value of JKS (Java Key Store).

In addition, the client's CA certificate needs to be imported
into the certificate store/database of the server's web container
and marked as a trusted issuer of client certificates.